We offer a complete training program for learning about the different aspects of the Software Bill of Materials – generation, analysis, prioritisation and remediation. Olle and Anthony have long-term experience of working with software transparency, vulnerability management and SBOM-based processes. The trainings are easy to adapt to the needs of your organisation and will be performed on site for your team.
The short introductions
The 101s are one-hour introductions to a topic for a wider audience. They give an overview of the topic and introduce the main concepts in an easy-to-understand way.
CRA 101
- What is it?
- When?
- What is needed?
- The SBOM
- Classes of products
SBOM 101
- Formats
- Usage
- Components
- Tools
- Process
VULNERABILITY 101
- Identifiers
- Databases
- Process
- Types
- SBOM usage
The 3-hour workshops
Introduction to the CRA
With the introduction of the EU Cyber Resilience Act (CRA), the software industry is regulated and the manufacturers – both commercial and Open Source projects – have a short time to get ready. This class is aimed at preparing the organisation for the change imposed by the new regulation. With experienced trainers, this fast-paced introduction will give the team a running start.
Introduction to SBOM
The Software Bill of Materials (SBOM) is a key artefact to support processes in securing software – for risk management, license compliance and vulnerability handling. But it is much more than a single file: it’s a set of data that will need management, enrichment and updates.
Introduction to vulnerability management
This class gives an overview of vulnerability management with SBOMs. The legislation’s focus on vulnerability management makes it important to know the fundamentals – which systems are involved, and how we rank and prioritise vulnerabilities in our own software and dependencies. What is the meaning of abbreviations like CVE, CWE, CVSS, EPSS, KEV, OSV, PURL, CPE and others?
This class is for the product team, from product managers to developers.